For more than 20 years, AEG has played a pivotal role in transforming sports and live entertainment. Annually, we host more than 160 million guests, promote more than 10,000 shows and present more than 22,000 events around the world. We are committed to innovation, artistry, and community, and leverage the power of our 300+ venues, leading sports franchises, marquee music brands, integrated entertainment districts, premier ticketing platform and global sponsorship activations, to create memorable moments that give the world reason to cheer.
Our business is interwoven with the human mind and heart, and we strive to build a diverse and inclusive company that reflects the artists, athletes, and fans that we host; reach beyond traditional boundaries to support the communities in which we operate; and minimize our impact on the environment by adopting sustainable practices throughout our business operations.
If you want to be challenged to up your game and make a difference, then join us in giving the world reason to cheer!
The Sr Information Security Engineer is responsible for executing all phases of the security technology lifecycle including technical requirements, architecture, design, and implementation. The Sr Security Engineer possess an in depth understanding of current and emerging threats and technology to drive improvement in all technical areas of security including network, data, application, cloud, IAM, mobile and endpoint. Integral to the success of this role is building partnerships across IT, strong communication skills, and maintaining an internal and external peer network. The Sr IT Security Engineer leverages a strong external peer network to collaborate on security techniques and validate technical solutions and ideas.
- Architect, design, deploy, and manage the implementation of multiple information security technologies including end point, application, database, network, cloud, infrastructure, and identity management solutions.
- Architect, design and deploy technology to support security operations center including log management, SIEM, vulnerability management, patch management, and forensics tools.
- Conduct research to identify threats and attack vectors and develop mitigating solutions to manage the risk. Proactive monitoring of logs and alerts within our security framework.
- Develop and maintain the S-SDLC through collaboration with business sponsors and development teams to ensure systems are architected with security from the beginning.
- Support the execution and coordination of application and infrastructure penetration testing.
- Review and document security related change requests and advise management on approval decisions.
- Maintain technical currency and continuously leverage opportunities to strengthen skills and broaden expertise.
- Collaborate with peers across affiliate companies to share incident information, solutions and best practices.
- A minimum education level of: BA/BS Degree (4-year) in Information Technology, CS/Engineering, Economics, or Business
- A minimum of 4-6 years of related work experience
- Experience in working with security operations tools including anti-malware, AV, IPS/IDS, SIEM, CASB, SSO, MFA, Spam filtering, DLP.
- Experience in managing and operating vulnerability/patch management processes and tools.
- Excellent written and verbal communication skills with the ability to explain technical concepts to a non-technical audience.
- Conceptual understanding with deep knowledge in a few security subject areas and broad knowledge over multiple security subject areas and applied experience.
- Experience with security industry standards (ISO 27001, NIST Cybersecurity Framework) and best practices
- Experience in coordinating and performing application and infrastructure penetration testing.
- A thorough understanding of tools, policies and standards related to security systems and experience in executing incident response process and procedures.
- Demonstrated commitment to continuing education to strengthen skills, broaden expertise and maintain currency with emerging technology.
- Project management experience (planning, organizing, coordinating consulting resources) and the ability to manage outsourced services and resources.
- Must be well versed in incident management, threat management, and vulnerability management.
- Experience working across teams to prevent, identify, and effectively recover from security incidents.
- Proven experience identifying vulnerabilities, anticipate threats, and leveraging a practical approach to reduce the likelihood or impact of a breach.
- IT security certifications (CISSP, CISM, CISA, GIAC, CEH or similar).
- Penetration Testing Certifications (GIAC GPEN, OSCP or similar).
- DevOps Experience (Jenkins, Docker, Kubernetes or similar).
- Familiarity with Mobile Application security lifecycle and hardening.
- Cloud Infrastructure Certifications (AWS Solutions Architect, Azure Architect, Google Compute or similar).
- PCI compliance experience (knowledge of how to secure infrastructure, systems, and applications for PCI compliance).
- Security Tool Experience (Symantec SEP, Qualys, Nessus, Metasploit, Nmap, Burp Suite, or similar).
- Knowledge of Netskope and applicable policies and traffic steering.
AEG reserves the right to change or modify the employee's job description whether orally or in writing, at any time during the employment relationship. AEG may require an employee to perform duties outside his/her normal description.